in reply to (OT) Re: Need advice with Perl and website
in thread Need advice with Perl and website

"Anyone running a non-wordpress site will testify to that."

Yes, indeed. I have run my own web/mailserver from home for years as a hobby, and do not use PHP (or even have it installed). The amount of hits you get with bots (and I think compromised MS machines) looking for wp php files is a pain.

A few years ago I got fed up with this nonsense, so knocked up a bit of Perl that tails httpd access_log for such requests - if found, a bit of Perl regex grabs the IP, then adds it to IPSETS group - instant firewall drop forever until I clear the IPSET.

Now, one strange thing is these 'bots' (or rather the code that does it) seem to be intelligent, and once dropped, it seems to remember - as I clean out and reset my firewall sometimes, the same IPs never come back - but new ones do. I will have to do some proper analysis on it one day.

I run similar code on my mail server logs too for 'other' type bots.

FYI I last cleared it out and reset 5th June 2016 - here are the captured IPs since:


Nick
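
The approach described in the post above, as an added example (not the poster's own script): match WordPress probe requests in access_log lines, validate the client IP, and add it to an ipset without going through a shell. The set name `wpprobe`, the probe patterns and the allowlist entry are assumptions; it prints the commands unless run with `--apply`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed names, not from the post: set name, probe patterns, allowlist entry.
# One-time setup, done outside this script:
#   ipset create wpprobe hash:ip
#   iptables -I INPUT -m set --match-set wpprobe src -j DROP
my $SET      = 'wpprobe';
my $PROBE_RE = qr{/(?:wp-login|wp-config|xmlrpc)\.php|/wp-(?:admin|content|includes)/}i;
my %ALLOW    = map { $_ => 1 } qw(127.0.0.1 192.0.2.10);   # never block these

# Return the client IP if the line is a WordPress probe, otherwise undef.
sub probe_ip {
    my ($line) = @_;
    # Common/combined log format: IP ident user [time] "METHOD path PROTO" ...
    my ($ip, $path) = $line =~ m{^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)} or return;
    # Only a strict dotted quad may reach the ipset argument list.
    return unless $ip =~ /^(?:\d{1,3}\.){3}\d{1,3}$/
        && !grep { $_ > 255 } split /\./, $ip;
    return if $ALLOW{$ip};
    return $path =~ $PROBE_RE ? $ip : undef;
}

# Command as a list, so no shell parses it; -exist makes a repeat add a no-op.
sub ipset_cmd { return ('ipset', '-exist', 'add', $SET, $_[0]) }

my $apply = grep { $_ eq '--apply' } @ARGV;
# With no pipe on STDIN, read the constructed sample lines under __DATA__.
my $in = -t STDIN ? \*DATA : \*STDIN;
my %seen;
while (my $line = <$in>) {
    my $ip = probe_ip($line) or next;
    next if $seen{$ip}++;                  # one add per address per run
    my @cmd = ipset_cmd($ip);
    if ($apply) { system(@cmd) == 0 or warn "ipset failed for $ip: $?\n" }
    else        { print "@cmd\n" }
}

__DATA__
203.0.113.7 - - [05/Jun/2016:12:29:17 +0100] "GET /wp-login.php HTTP/1.1" 404 209
198.51.100.23 - - [05/Jun/2016:12:30:02 +0100] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [05/Jun/2016:12:31:40 +0100] "POST /xmlrpc.php HTTP/1.1" 404 208
192.0.2.10 - - [05/Jun/2016:12:32:11 +0100] "GET /wp-admin/ HTTP/1.1" 404 207
```

To follow a live log, pipe it in, for example `tail -F access_log | perl wpblock.pl --apply` (the script name is a placeholder).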